Lightweight/portable solution for limiting file access?

Discussion in 'other security issues & news' started by TTuL, Nov 7, 2010.

Thread Status:
Not open for further replies.
  1. TTuL

    TTuL Registered Member

    Joined:
    Nov 7, 2010
    Posts:
    4
    Hello,

    Not having done too much security-related work on Windows, I'm doing research for an idea I have, and this seemed like a good place to start.

    The goal is to be able to mount removable media containing sensitive data in untrusted environments. I've already cleared quite a few hurdles and the last part to be figured out is how to limit read/write/execute access. Let's say the drive is mapped to letter X:. What I am looking for is a lightweight/portable solution that could be configured to:
    1) allow only C:\altshell.exe to read/execute files on X:
    2) allow X:\*.exe to read/write/execute files on X:
    3) deny all other processes access to X:

    This would have to be portable in the sense that it needs to work on NT 5.1 and newer, preferably with no installation process and without rebooting the host for the policies to be taken into use.

    SRP seems interesting but I'm not sure if it:
    1) works on all >NT 5.1 versions or if there are certain limitations
    2) needs a reboot/session-restart for the policies to be taken into use
    3) plays well together with previously applied Global Policies/Local Policies

    Really any ideas/feedback you guys can come up with is much appreciated! :)
     
  2. MrBrian

    MrBrian Registered Member

    Joined:
    Feb 24, 2008
    Posts:
    6,032
    Location:
    USA
  3. trismegistos

    trismegistos Registered Member

    Joined:
    Jan 29, 2009
    Posts:
    365
    If you are comfortable with Classical HIPS, Malware Defender has file and folder rules and thus your goal of limiting file access. But it is not portable since it requires installation to have its kernel driver loaded along with some registry changes but it doesn't require a reboot, I think. Arran is an expert in MD, you can PM him.
     
  4. TTuL

    TTuL Registered Member

    Joined:
    Nov 7, 2010
    Posts:
    4
    Thanks but write protection is not really of interest as I want to:
    1) limit read/execute access to certain processes
    2) give certain processes write access

    Mounting as read-only can be interesting in other scenarios, but I already have means to do that.

    Thanks! A classical HIPS is indeed most likely to solve this issue. I fancy OSSS but it requires a reboot to initiate the protection and if I have to reboot I might as well boot GNU/Linux. I'll have a look at MD and try not to bother Arran too much. :)

    Edit: I just checked out MD, what is the status on that software? Has it reached EOL?
     
    Last edited: Nov 9, 2010
  5. Greg S

    Greg S Registered Member

    Joined:
    Mar 1, 2009
    Posts:
    1,039
    Location:
    A l a b a m a
    It is now free. Check the MD topic in other anti malware for the link to the latest version.
     
  6. TTuL

    TTuL Registered Member

    Joined:
    Nov 7, 2010
    Posts:
    4
    I saw that it's free, but I couldn't see any signs of active development. Also, without trying to bring up a flame-war, the surrounding PatchGuard war is interesting.
     